|
|
|
The SiteMinder Agent for SAP Web AS uses either one or both of the following modes to authenticate users:
Validates user sessions against the SiteMinder Policy Server, which confirms that the SMSESSION cookie the user presents is legitimate. The SiteMinder Policy Server returns the ID of the SAP Web AS user in an SiteMinder active response to the SiteMinder Agent for SAP Web AS, which asserts that ID to the SAP Web Application Server. The SAP Web Application server authorizes the user.
Receives Federation Profile cookies from CA Technologies Federation Manager. The SiteMinder Agent for SAP Web AS extracts the contents of the cookie, and then asserts the SP side user ID and the user attributes (from the cookie) to the SAP Web Application server. The SAP Web Application server authorizes the user.
Both modes can be used together. For example, you can use the SSO mode to authenticate the users inside your organization, and you can use the Federation mode to authenticate users outside of your organization. However, only one mode can be used in a web browser session.
If both modes are used together and the user is authenticated by SiteMinder and Federation Manager, then the SiteMinder authentication takes priority. For example, if Federation Manager operates with the SiteMinder Connector enabled, then the SiteMinder authentications take priority over the Federation Manager authentications.
| Copyright © 2012 CA. All rights reserved. |
|